Category : File Managers
Archive   : PC-IRIS.ZIP
Filename : MERLIN.DOC

PC-Merlin V1.0-1
================


Overview
---------

PC-Merlin implements the DOS 'copy' program with data encryption. This
allows the user to copy multiple files to a target disk or directory,
encrypting the data as the copy proceeds.

Such a function is particularly useful to users who need exchange
sensitive data with remote users, or who need to keep offsite backups
of such data.

PC-Merlin encrypts data using the DES (Data Encryption Standard) algorithm
in electronic code-book mode. There is currently no known general solution
to this algorithm.


PC-Merlin syntax
----------------

MERLIN [drive:]i_path [drive:]o_path /K:keyvalue /E or /D [/S]

[drive:]i_path The input file(s)
[drive:]o_path The output file(s)
/K:keyvalue DES cipher key
/E Encrypt the file(s)
/D Decrypt the file(s)
/S Secure erase the input after processing


The input & output files must be supplied as parameters 1 & 2 respectively.
The order in which the switches are supplied is unimportant.


Keyvalue expression:

The keyvalue may be entered in one of 2 forms:

1. 64 bit Hex. This is a 64 bit or 8 byte Hex value entered thus:

/K:1F-6C-F1-37-1A-D4-71-0F

2. Keyphrase. This is any arbitrary sequence of characters such as
an easily remembered phrase. The minimum length allowed is 8
chars, maximum 64 chars. Two rules should be considered when
selecting keyphrases:

1. Easily remembered phrases are often easily guessable
2. Long phrases produce more secure keys than short ones

An example of a good (ie: secure) keyphrase would be:

/K:slowaheadallengines

Cipher function:

The user selects the cipher function, Encrypt or Decrypt with the /E or /D
switches. /E indicates that encryption is required, /D indicates that dec-
-ryption is required. If both switches are specified, then the last one on
the command line has precedence.


Secure erase:

It is often desirable to erase the input file after processing. This option
is selectable by specifying the /S switch. The secure erase function erases
files by repeatedly overwriting them with a changing pattern, as specified
by the US Department of Defence secure erase procedures. After the file data
has been overwritten, it is then deleted.


Example:

A user wishes to copy all data from a directory to floppy, which will be
stored off-site:

C:> merlin c:\secrets\*.DBF a: /K:nevertalktostrangers /E

The user may choose to erase data after it has been copied thus:

C:> merlin c:\secrets\*.DBF a: /K:nevertalktostrangers /E /S


If the data had to restored from floppy, then the following command would
be used:

C:> merlin a:*.* c:\secrets\*.DBF /K:nevertalktostrangers /D